-
ICYMI: Key AI and security insights from our developer community
In our November LinkedIn Live broadcast, we brought together field CTOs, developer advocates, and community leaders to discuss industry trends and showcase features making a difference in developer workflows. Here are 5 key highlights: 1. AI adoption trends from the field: Our field CTOs shared insights on how organizations are embracing AI across their development…
-
GitLab names Bill Staples as new CEO
This message from Sid Sijbrandij and Bill Staples was shared with GitLab team members earlier today. Sid: On today’s earnings call, I announced that I am stepping down as CEO and will remain Executive Chair of the Board. I also introduced GitLab’s new CEO, Bill Staples. As a Board, we routinely do succession planning. This…
-
GitLab Duo with Amazon Q: DevSecOps meets agentic AI
We’re excited to announce GitLab Duo with Amazon Q, a joint offering that brings together GitLab’s comprehensive AI-powered DevSecOps platform with Amazon Q’s autonomous AI agents in a single, integrated solution. GitLab Duo with Amazon Q transforms software development by integrating powerful AI agents directly into your daily workflows. Instead of switching between multiple tools,…
-
How to leverage GitLab Duo for enhanced security reporting
Good security reporting is crucial to maintain a good security posture because it provides detailed insights into incidents. With this information, organizations can better understand vulnerabilities, improve defenses, and prevent similar threats in the future. At GitLab, the Security division has created use cases for GitLab Duo to improve reporting capabilities and enhance operational efficiency.…
-
Cloud Security Trends: Predictions and Strategies for Resilience
In 2025, cloud native security is set to undergo transformative progress. As Chief Information Security Officer at Aqua, I’ve seen how rapidly evolving threats and operational demands are driving organizations to redefine their approach to security. The focus is no longer just on adapting to challenges—it’s about deeply embedding security into every facet of development…
-
From Theory to Practice: How to Make DevSecOps Work in Your Organization
Houston, we have a problem: implementing DevSecOps isn’t as straightforward as it seems. DevSecOps has redefined security in modern software development, becoming the benchmark for organizational success. By embedding security into every phase of the development lifecycle, organizations can deploy faster and collaborate more efficiently while ensuring security at every step. Yet, despite its advantages,…
-
300,000+ Prometheus Servers and Exporters Exposed to DoS Attacks
In this research, we uncovered several vulnerabilities and security flaws within the Prometheus ecosystem. These findings span across three major areas: information disclosure, denial-of-service (DoS), and code execution. We found that exposed Prometheus servers or exporters, often lacking proper authentication, allowed attackers to easily gather sensitive information, such as credentials and API keys. In this…
-
Matrix Unleashes A New Widespread DDoS Campaign
Aqua Nautilus researchers uncovered a new and widespread Distributed Denial-of-Service (DDoS) campaign orchestrated by a threat actor named Matrix. Triggered by activities detected on our honeypots, this investigation dives deep into Matrix’s methods, targets, tools, and overall goals.…
-
New Aqua User Experience: Streamlined Vulnerability Management
The new Aqua Hub update is designed to take the headache out of vulnerability management, addressing common challenges like alert overload and data consistency issues. With this update, teams get a clean, streamlined view of vulnerabilities that cuts through the noise, so they can focus on the critical issues without getting lost in irrelevant details. …
-
Threat Actors Hijack Misconfigured Servers for Live Sports Streaming
To keep up with the ever-evolving world of cybersecurity, Aqua Nautilus researchers deploy honeypots that mimic real-world development environments. During a recent threat-hunting operation, they uncovered a surprising new attack vector: threat actors using misconfigured servers to hijack environments for streaming sports events. By exploiting misconfigured JupyterLab and Jupyter Notebook applications, attackers drop live streaming…